Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 45
November 6, 2008

SANS Newsletters Home

IBM's Tivoli software and Adobe's Acrobat have both been found this week to have critical vulnerabilities. Active exploits are already circulating for the Acrobat problem. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Platform Number of Updates and Vulnerabilities
    • - ------------------------ -------------------------------------
    • Third Party Windows Apps
    • 11 (#2, #3)
    • Linux
    • 1
    • Unix
    • 1
    • Cross Platform
    • 9 (#1)
    • Web Application - Cross Site Scripting
    • 13
    • Web Application - SQL Injection
    • 38
    • Web Application
    • 35
    • Network Device
    • 1 (#4)

************************** Sponsored By SANS ****************************

How vulnerable are my industrial control systems? How are attackers penetrating my defenses? How can I mitigate this threat? These are some of the topics of the SCADA & Process Control Security Summit. Learn about the most promising commercial and governmental solutions and how others have used them. February 2-3 - Orlando. http://www.sans.org/info/35004

*************************************************************************

TRAINING UPDATE - - SANS CDI in Washington 30 courses; big security tools expo; lots of evening sessions: http://www.sans.org/cdi08/ - - London (12/1- 12/9) http://sans.org/london08/ - - Vancouver (11/17-11/22) http://www.sans.org/vancouver08/ - - Las Vegas (1/24-2/01) http://sans.org/securitywest09/ and in 100 other cites and on line any time: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: IBM Tivoli Storage Manager Buffer Overflow
  • Affected:
    • IBM Tivoli Storage Manager Express for Microsoft SQL

  • Description: IBM Tivoli Storage Manager provides storage and backup management for a variety of platforms. A buffer overflow exists in its backup client for Microsoft SQL. A specially crafted request to this service could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process (SYSTEM). Some technical details are publicly available for this vulnerability. An additional, possibly related, vulnerability exists in the client's scheduling code.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) MODERATE: NOS Microsystems getPlus Download Manager Buffer Overflow
  • Affected:
    • NOS Microsytems getPlus Download Manager ActiveX Control

  • Description: NOS Microsytems getPlus Download Manager is a popular software update manager, used by vendors including Adobe for Adobe's Acrobat product. The getPlus Download Manager contains a buffer overflow in its handling of user input. A specially crafted web page that instantiates the control could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Some technical details are publicly available for this vulnerability. Note that the known exploit case requires that a malicious file be sourced from a domain ending in "adobe.com". This may significantly complicate exploitation, though at least one workaround is publicly known. When the ActiveX control is distributed by vendors other than Adobe, this restriction will likely not be present.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7". Note that this will affect normal application functionality.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 45, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 08.45.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Aztec ActiveX "Aztec.dll" ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
  • Description: Aztec ActiveX is an ATL based control for handling Aztec 2D barcode. Aztec ActiveX is exposed to multiple issues that allow attackers to overwrite files with arbitrary, attacker-supplied content. Aztec ActiveX version 3.0.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 08.45.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MW6 Technologies Barcode ActiveX "Barcode.dll" Multiple Arbitrary File Overwrite Vulnerabilities
  • Description: Barcode ActiveX is an ATL based control for creating device independent barcodes. Barcode ActiveX control is exposed to multiple issues that allow attackers to overwrite files with arbitrary, attacker-supplied content. Barcode ActiveX version 3.0.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31979
  • 08.45.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MW6 DataMatrix "DataMatrix.dll" ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
  • Description: MW6 DataMatrix ActiveX control is an application for handling barcode data. The application is exposed to multiple issues that allow attackers to overwrite files with arbitrary, attacker-supplied content. MW6 DataMatrix ActiveX control version 3.0.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31979
  • 08.45.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MW6 PDF417 "MW6PDF417.dll" ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
  • Description: MW6 PDF417 ActiveX control is an application for handling barcode data. The application is exposed to multiple issues that allow attackers to overwrite files with arbitrary, attacker supplied content. MW6 PDF417 ActiveX control version 3.0.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 08.45.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Visagesoft eXPert PDF Viewer ActiveX Control Arbitrary File Overwrite
  • Description: Visagesoft eXPert PDF Viewer ActiveX control is an application for viewing PDF documents. The application is exposed to an issue that allows attackers to overwrite files with arbitrary, attacker-supplied content. Visagesoft eXPert PDF Viewer ActiveX control version 3.0.990.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 08.45.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DjVu "DjVu_ActiveX_MSOffice.dll" ActiveX Component Heap Buffer Overflow
  • Description: The DjVu ActiveX handles files in the DjVu digital document format. The application is exposed to a heap based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. The DjVu ActiveX control version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31987
  • 08.45.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft DebugDiag "CrashHangExt.dll" ActiveX Control Remote Denial of Service
  • Description: Microsoft DebugDiag "CrashHangExt.dll" ActiveX control is a tool to assist in troubleshooting Windows applications. The application is exposed to a denial of service issue because of a NULL pointer dereference error. Microsoft DebugDiag version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497943
  • 08.45.8 - CVE: CVE-2007-6432
  • Platform: Third Party Windows Apps
  • Title: Adobe PageMaker "AldFs32.dll" Key Strings Stack-Based Buffer Overflow
  • Description: Adobe PageMaker is a desktop publishing application. The application is exposed to a stack based buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue can occur when a specially crafted .PMD file is opened with a vulnerable application. Adobe PageMaker version 7.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497952
  • 08.45.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Chilkat Crypt ActiveX Control "ChilkatCrypt2.dll" Arbitrary File Overwrite
  • Description: Chikat Crypt ActiveX control is used to encrypt, hash and sign data. Chilkat Crypt ActiveX control is exposed to an issue that allows attackers to overwrite files with arbitrary, attacker-supplied content. This issue occurs in the of the "WriteFile()" method of the "hilkatCrypt2.dll" ActiveX control. Chikat Crypt ActiveX control version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32073
  • 08.45.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft Windows Media Player Unspecified DAT File Parsing Denial of Service
  • Description: Microsoft Windows Media Player is a multimedia application available for the Microsoft Windows operating system. The application is exposed to an unspecified denial of service issue when processing a malformed DAT file.
  • Ref: http://www.securityfocus.com/bid/32077
  • 08.45.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Network-Client FTP Now Heap Buffer Overflow
  • Description: Network-Client FTP Now is an FTP client application for Microsoft Windows. The application is exposed to a heap-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. Network-Client FTP Now version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/32080
  • 08.45.12 - CVE: Not Available
  • Platform: Linux
  • Title: htop Hidden Process Name Input Filtering
  • Description: htop is a process viewer for Linux. htop is exposed to an input-filtering issue that can result in hidden process names. The application fails to filter non-printable characters. Certain characters can be used to corrupt the application's display. htop version 0.7 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504144
  • 08.45.13 - CVE: Not Available
  • Platform: Unix
  • Title: Dovecot Invalid Message Address Parsing Denial of Service
  • Description: Dovecot is a mail server application for Linux and UNIX like operating systems. Dovecot is exposed to a remote denial of service issue because it fails to handle certain specially crafted email headers. Dovecot versions 1.1.4 and 1.1.5 are affected.
  • Ref: http://www.dovecot.org/list/dovecot-news/2008-October/000089.html
  • 08.45.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Quassel Core CTCP Ping Input Validation
  • Description: Quassel is a distributed IRC client available for multiple platforms; Quassel Core is its central hub component. Quassel Core is exposed to an input validation issue that lets attackers hijack connections and execute arbitrary IRC commands as a user of the vulnerable application. Quassel Core versions prior to 3.0.3 are affected.
  • Ref: http://quassel-irc.org/node/89
  • 08.45.15 - CVE: CVE-2007-5394, CVE-2007-6021
  • Platform: Cross Platform
  • Title: Adobe PageMaker Font Structure Multiple Buffer Overflow Vulnerabilities
  • Description: Adobe PageMaker is an application for desktop publishing. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. These issues occur when handling a malformed ".PMD" file with a specially crafted font structure. Adobe PageMaker version 7.0.1 is affected.
  • Ref: http://secunia.com/secunia_research/2007-80/
  • 08.45.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Python Imageop Module "imageop.crop()" Buffer Overflow
  • Description: Python is an interpreted dynamic object oriented programming language that is available for many operating systems. Python's "imageop" module is exposed to a buffer overflow issue. Specifically, the function "imageop.crop()" fails to properly bounds check parameters. Python versions prior to 2.5.2 are affected.
  • Ref: http://svn.python.org/view?rev=66689&view=rev
  • 08.45.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Storage Manager Client Buffer Overflow
  • Description: IBM Tivoli Storage Manager is a data backup manager for enterprises. The IBM Tivoli Storage Manager Client is exposed to an unspecified buffer overflow issue. This issue affects Client Acceptor Daemon (CAD), and also the scheduler if using PROMPTED as the value for the SCHEDMODE option.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-071/
  • 08.45.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Absolute Live Support .Net Cookie Authentication Bypass
  • Description: Absolute Live Support .Net is a chat application for customer support. It is implemented in ASP.Net. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. Absolute Live Chat .Net version 5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32010
  • 08.45.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser 9.62 History Search Input Validation
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. The browser is exposed to an input validation issue because of the way it stores data used for the History Search feature. Opera Web Browser version 9.62 is affected.
  • Ref: http://www.securityfocus.com/bid/32015
  • 08.45.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Net-SNMP GETBULK Remote Denial of Service
  • Description: Net-SNMP is an SNMP (Simple Network Management Protocol) package including multiple applications. Net-SNMP is exposed to an unspecified remote denial of service issue related to the handling of "GETBULK" SNMP requests.
  • Ref: http://sourceforge.net/forum/forum.php?forum_id=882903
  • 08.45.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Dns2tcp "dns_decode.c" Remote Buffer Overflow
  • Description: Dns2tcp is a network tool designed to relay TCP connections through DNS traffic. The application is exposed to a buffer overflow issue because it fails to properly validate user-supplied input. This issue affects the "dns_decode()" function of the "server/dns_decode.c" source file. Dns2tcp versions prior to 0.4.2 are affected.
  • Ref: http://www.securityfocus.com/bid/32071
  • 08.45.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: University of Washington IMAP "tmail" and "dmail" Local Buffer Overflow Vulnerabilities
  • Description: University of Washington "tmail" and "dmail" are mail deliver agents. "tmail" and "dmail" are exposed to local buffer overflow issues because they fail to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.washington.edu/imap/documentation/RELNOTES.html
  • 08.45.23 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: KKE Info Media Kmita Gallery Multiple Cross-Site Scripting Vulnerabilities
  • Description: Kmita Gallery is a web-based gallery implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/31970
  • 08.45.24 - CVE: CVE-2008-4795, CVE-2008-4794
  • Platform: Web Application - Cross Site Scripting
  • Title: Opera Web Browser History Search and Links Panel Cross-Site Scripting Vulnerabilities
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. The browser is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Opera Web Browser versions prior to 9.62 are affected.
  • Ref: http://www.opera.com/support/search/view/906/
  • 08.45.25 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Dorsa CMS "Default_.aspx" Cross-Site Scripting
  • Description: Dorsa CMS is a web-based content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "search" parameter of the "Default_.aspx" script when the "Page_" parameter is set to "search".
  • Ref: http://www.securityfocus.com/bid/31992
  • 08.45.26 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SonicWALL Content Filtering Error Page Cross-Site Scripting
  • Description: SonicWALL Content Filtering is a network security application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input when displaying URI address data in the default error page. SonicWALL Content Filtering on SonicOS Enhanced versions prior to 4.0.1.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/497948
  • 08.45.27 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CompactCMS "admin/index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: CompactCMS is a content-management system. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. CompactCMS version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32007
  • 08.45.28 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel Cross-Site Scripting Vulnerabilities and Local File Include
  • Description: cPanel is a web hosting control panel. The application is exposed to multiple input validation issues because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/497964
  • 08.45.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Fortinet Fortigate Unspecified Cross-Site Scripting
  • Description: Fortinet Fortigate is a series of antivirus firewall devices. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input included in unspecified pages. This issue occurs due to the display of user-supplied URIs.
  • Ref: http://www.securityfocus.com/bid/32017
  • 08.45.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Camera Life Multiple Cross-Site Scripting Vulnerabilities
  • Description: Camera Life is a web-based photo gallery application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Camera Life version 2.6.2b8 is affected. Ref: http://www.digitrustgroup.com/advisories/web-application-security-camera-life2.html
  • 08.45.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Tribiq CMS "template_path" Parameter Cross-Site Scripting
  • Description: Tribiq CMS is a PHP based content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "template_path" parameter of the "templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php" script. Tribiq CMS version 5.0.10a is affected.
  • Ref: http://www.securityfocus.com/bid/32050
  • 08.45.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MyGallery "gallery.inc.php" Parameter Cross-Site Scripting
  • Description: MyGallery is a PHP based photo gallery. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "mghash" parameter of the "gallery.inc.php" script. MyGallery version 1.7.2 is affected.
  • Ref: http://holisticinfosec.org/content/view/86/45/
  • 08.45.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SignMe "signme.inc.php" Cross-Site Scripting
  • Description: SignMe is a PHP based photo gallery. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "hash" parameter of the "signme.inc.php" script. SignMe version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/32068
  • 08.45.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RateMe "rate" Parameter Cross-Site Scripting
  • Description: RateMe is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "rate" parameter. RateMe version 1.3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/32069
  • 08.45.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Matpo.de Link "view.php" Cross-Site Scripting
  • Description: Matpo.de Link is a link management application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "thema" parameter of the "view.php" script. Matpo.de Link version 1.2b is affected.
  • Ref: http://www.securityfocus.com/bid/32082
  • 08.45.36 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WebCards "admin.php" Login Page SQL Injection
  • Description: WebCards is a PHP based ecard application. The application is exposed to an SQL injection issue because it fails to adequately sanitize user-supplied input to the "password" field of the "admin.php" script when logging in as an administrator.
  • Ref: http://www.securityfocus.com/bid/31977
  • 08.45.37 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Harlandscripts Pro Traffic One "trg" Parameter SQL Injection
  • Description: Harlandscripts Pro Traffic One is a web traffic management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "trg" parameter of the "mypage.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/497946
  • 08.45.38 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Harlandscripts Pro Traffic One "id" Parameter SQL Injection
  • Description: Harlandscripts Pro Traffic One is an application for managing web traffic. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "poll_results.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31994
  • 08.45.39 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyPHP Forum "post.php" and "member.php" Multiple SQL Injection Vulnerabilities
  • Description: MyPHP Forum is a PHP based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. MyPHP Forum version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31995
  • 08.45.40 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: e107 Lyrics Plugin "lyrics_song.php" SQL Injection
  • Description: The "Lyrics" plugin is a module for the e107 CMS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "l_id" parameter of the "lyrics_song.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32004
  • 08.45.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpWebSite "links.php" SQL Injection
  • Description: phpWebSite is a freely available content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "links.php" script when the "op" parameter is set to "viewlink" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/497960
  • 08.45.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SpitFire Photo Pro "pages.php" SQL Injection
  • Description: SpitFire Photo Pro is PHP based photo album application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pageId" parameter of the "pages.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/497959
  • 08.45.43 - CVE: CVE-2008-3867
  • Platform: Web Application - SQL Injection
  • Title: Interact "email_user_key" Parameter SQL Injection
  • Description: Interact is a PHP based application for online learning. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "email_user_key" parameter of the "spaces/emailuser.php" script before using it in an SQL query. Interact version 2.4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497967
  • 08.45.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Multiple Scripts For Sites Products "directory.php" SQL Injection
  • Description: EZ Adult Directory is a PHP based script that allows users to view and rate various adult entertainment sites. EZ Gaming Directory is a PHP based script that allows users to view and rate various gambling sites. These applications are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "id" parameter of the "directory.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32021
  • 08.45.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Logz podcast CMS "add_url.php" SQL Injection
  • Description: Logz podcast CMS is a PHP based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "art" parameter of the "add_url.php" script before using it in an SQL query. Logz podcast CMS version 1.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32022
  • 08.45.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Article Publisher Pro "admin.php" SQL Injection
  • Description: Article Publisher Pro is a PHP based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the login name field of the "admin/admin.php" script before using it in an SQL query. Article Publisher Pro version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/32030
  • 08.45.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scripts For Sites EZ Hotscripts SQL Injection
  • Description: EZ Hotscripts is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "showcategory.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32031
  • 08.45.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EZ Webring "category.php" SQL Injection
  • Description: EZ Webring is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "webring/category.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32032
  • 08.45.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EZ BIZ PRO "track.php" SQL Injection
  • Description: EZ BIZ PRO is a link database. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "track.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32033
  • 08.45.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scripts For Sites EZ Link Directory "links.php" SQL Injection
  • Description: Scripts For Sites EZ Link Directory is a PHP based link management script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "links.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32034
  • 08.45.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scripts For Sites EZ Auction "viewfaqs.php" SQL Injection
  • Description: Scripts For Sites EZ Auction is a PHP based auction script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "viewfaqs.php" script before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/6918
  • 08.45.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scripts For Sites EZ Career "content.php" SQL Injection
  • Description: Scripts For Sites EZ Career is a PHP based job script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "topic" parameter of the "content.php" script before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/6919
  • 08.45.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scripts For Sites EZ Top Sites "topsite.php" SQL Injection
  • Description: Scripts For Sites EZ Top Sites is a PHP based web site search script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ts" parameter of the "topsite.php" script before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/6920
  • 08.45.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scripts For Sites EZ e-store "searchresults.php" SQL Injection
  • Description: Scripts For Sites EZ e-store is a PHP based shopping script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "where" parameter of the "searchresults.php" script before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/6922
  • 08.45.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bloggie Lite Cookie SQL Injection
  • Description: Bloggie Lite is a PHP based blog script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data from cookies before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/6925
  • 08.45.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 1st News "id" Parameter SQL Injection
  • Description: 1st News is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "products.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32042
  • 08.45.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Maran Project Maran PHP Shop "prodshow.php" SQL Injection
  • Description: Maran PHP Shop is a PHP-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "prodshow.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32043
  • 08.45.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Maran Project Maran PHP Shop "prod.php" SQL Injection
  • Description: Maran PHP Shop is a PHP-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "prod.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32044
  • 08.45.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Shopping Cart Script "c" Parameter SQL Injection
  • Description: The Shopping Cart script is a web-based application. The script is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "c" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32045
  • 08.45.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Downline Builder Script "id" Parameter SQL Injection
  • Description: The Downline Builder script is a web-based application. The script is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32046
  • 08.45.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Downline Builder Pro "id" Parameter SQL Injection
  • Description: Downline Builder Pro is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32047
  • 08.45.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: deV!L'z Clanportal "users" Parameter SQL Injection
  • Description: deV!L'z Clanportal is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "users" parameter of the "user/index.php" script before using it in an SQL query. deV!L'z Clanportal versions up to and including 1.4.9.6 are affected.
  • Ref: http://www.securityfocus.com/bid/32049
  • 08.45.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Article "index.php" SQL Injection
  • Description: AJ Article is a knowledgebase system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" field of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32054
  • 08.45.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Blog Blaster Script "id" Parameter SQL Injection
  • Description: Blog Blaster Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32055
  • 08.45.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Autoresponder Hosting Script "id" Parameter SQL Injection
  • Description: Autoresponder Hosting Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32056
  • 08.45.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Scrolling Text Ads Script "id" Parameter SQL Injection
  • Description: Scrolling Text Ads Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32060
  • 08.45.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Reminder Service Script "id" Parameter SQL Injection
  • Description: Reminder Service Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32061
  • 08.45.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Classifieds Blaster Script "id" Parameter SQL Injection
  • Description: Classifieds Blaster Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32062
  • 08.45.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Classifieds Hosting Script "id" Parameter SQL Injection
  • Description: Classifieds Hosting Script is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32064
  • 08.45.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASP Forum "iFor" Parameter SQL Injection
  • Description: ASP Forum is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "iFor" parameter of the "forum.asp" script before using it in an SQL query. ASP Forum version 1.0 is affected.
  • Ref: http://www.milw0rm.com/exploits/6930
  • 08.45.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BosClassifieds "cat_id" Parameter SQL Injection
  • Description: BosClassifieds is a classified ad application. BosClassifieds is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cat_id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32075
  • 08.45.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Matpro.de Link "view.php" SQL Injection
  • Description: Matpro.de Link is a link management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" field of the "view.php" script before using it in an SQL query. Matpro.de Link version 1.2b is affected.
  • Ref: http://www.securityfocus.com/bid/32076
  • 08.45.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dragan Mitic Apoll "admin/index.php" SQL Injection
  • Description: Dragan Mitic Apoll is a PHP-based poll application for web pages. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "admin/index.php" script before using it in an SQL query. Dragan Mitic Apoll version 0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/32079
  • 08.45.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Sepal SPBOARD "board.cgi" Remote Command Execution
  • Description: Sepal SPBOARD is a web-based bulletin board implemented in Perl. The application is exposed to an issue that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately validate user-supplied input to the "file" parameter of the "board.cgi" script.
  • Ref: http://www.securityfocus.com/bid/31972
  • 08.45.75 - CVE: Not Available
  • Platform: Web Application
  • Title: 7-Shop "imageupload.php" Arbitrary File Upload
  • Description: 7-Shop is an online shopping cart application. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. This issue occurs because the application fails to sufficiently sanitize file extensions before uploading files to the web server through the "includes/imageupload.php" script. 7-Shop version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31978
  • 08.45.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo and Joomla! SimpleBoard "image_upload.php" Arbitrary File Upload
  • Description: SimpleBoard is a PHP-based message board for the Mambo and Joomla! content managers. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the application fails to check file extensions properly. SimpleBoard version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31981
  • 08.45.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Instinct WP e-Commerce "image_processing.php" Arbitrary File Upload
  • Description: WP e-Commerce is a PHP-based shopping cart extension for WordPress content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. WP e-Commerce version 3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31982
  • 08.45.78 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM Lotus Connections Multiple Remote Vulnerabilities
  • Description: IBM Lotus Connections is a web-based application used for information sharing between co-workers, partners and customers. The application is exposed to multiple issues. IBM Lotus Connections versions prior to 2.0.1 are affected.
  • Ref: http://www.securityfocus.com/bid/31989
  • 08.45.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Venalsur Booking Centre SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Venalsur Booking Centre is an online booking system. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "OfertaID" parameter of the "cadena_ofertas_ext.php" script.
  • Ref: http://www.securityfocus.com/bid/31990
  • 08.45.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Typo SQL Injection and HTML Injection Vulnerabilities
  • Description: Typo is a weblog application implemented in PHP. The application is exposed to multiple input validation issues. The attacker may exploit the SQL injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Typo version 5.1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497970
  • 08.45.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Agora "MysqlfinderAdmin.php" Remote File Include
  • Description: Agora is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "_SESSION["PATH_COMPOSANT"]" parameter of the "modules/Mysqlfinder/MysqlfinderAdmin.php" script. Agora version 1.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/32000
  • 08.45.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Tribiq CMS Cookie Authentication Bypass
  • Description: Tribiq CMS is content management system. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Tribiq CMS version 5.0.9a (beta) is affected.
  • Ref: http://www.securityfocus.com/bid/32001/references
  • 08.45.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute File Send .Net Cookie Authentication Bypass
  • Description: Absolute File Send .Net is web-based script used for file sharing. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. Absolute File Send .Net version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32002
  • 08.45.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute Podcast .NET Cookie Authentication Bypass
  • Description: Absolute Podcast .NET is a web-based application used to create an online audio podcast. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Absolute Podcast .NET version 1.0 is affected.
  • Ref: http://www.xigla.com/apodcasting/index.htm
  • 08.45.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute Poll Manager XE Cookie Authentication Bypass
  • Description: Absolute Poll Manager XE is a web-based application used to create surveys. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. Absolute Poll Manager XE version 4.1 is affected.
  • Ref: http://www.xigla.com/absolutepm/
  • 08.45.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute Form Processor .Net Cookie Authentication Bypass
  • Description: Absolute Form Processor .Net is web-based script used for forms management. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. Absolute Form Processor .Net version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32009
  • 08.45.87 - CVE: Not Available
  • Platform: Web Application
  • Title: ComingChina.com U-Mail "edit.php" Arbitrary File Upload
  • Description: ComingChina.com U-Mail is a PHP-based email application. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input in the "/webmail/modules/filesystem/edit.php" script. U-Mail version 4.9.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497961
  • 08.45.88 - CVE: CVE-2008-4309
  • Platform: Web Application
  • Title: Tribiq CMS "template_path" Parameter Local File Include
  • Description: Tribiq CMS is a PHP-based content management system. Tribiq CMS is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "template_path" parameter of the "templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php" script. Tribiq CMS version 5.0.10a is affected.
  • Ref: http://www.securityfocus.com/bid/32018
  • 08.45.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute Banner Manager .NET Cookie Authentication Bypass
  • Description: Absolute Banner Manager .NET is web-based script used for advertisement management. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Absolute Banner Manager .NET version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32023
  • 08.45.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute News Manager .Net Cookie Authentication Bypass
  • Description: Absolute News Manager .Net is a web log application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Absolute News Manager .Net version 5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32024
  • 08.45.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute Control Panel XE Cookie Authentication Bypass
  • Description: Absolute Control Panel XE is an ASP based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Absolute Control Panel XE version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/32025
  • 08.45.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute Content Rotator Cookie Authentication Bypass
  • Description: Absolute Content Rotator is web-based script used for automated content rotation. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Absolute Content Rotator version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32026
  • 08.45.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute News Feed Cookie Authentication Bypass
  • Description: Absolute News Feed is an RSS syndication and news application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Absolute News Feed version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32027
  • 08.45.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute FAQ Manager .NET Cookie Authentication Bypass
  • Description: Absolute FAQ Manager .NET is web-based script used for FAQ management. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Absolute FAQ Manager .NET version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32028
  • 08.45.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Absolute Newsletter Cookie Authentication Bypass
  • Description: Absolute Newsletter is web-based script used for marketing. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Absolute Newsletter version 6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32029
  • 08.45.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Sharedlog CMS Remote File Include
  • Description: Sharedlog CMS is a PHP-based content management system. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "$GLOBALS['root_dir']" parameter of the "slideshow_uploadvideo.content.php" script.
  • Ref: http://www.securityfocus.com/archive/1/497978
  • 08.45.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Flash Tree Gallery Component Remote File Include
  • Description: Flash Tree Gallery is an picture gallery component for the Joomla! content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_live_site" parameter of the component's "admin.treeg.php" script.
  • Ref: http://www.milw0rm.com/exploits/6928
  • 08.45.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Maran Project Maran PHP Shop Cookie Authentication Bypass
  • Description: Maran PHP Shop is a PHP-based shopping cart application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication.
  • Ref: http://www.securityfocus.com/bid/32048
  • 08.45.99 - CVE: Not Available
  • Platform: Web Application
  • Title: NetRisk SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: NetRisk is a web-based application. The application is exposed to multiple issues. An SQL injection issue affects the "id" parameter of the "index.php" script. A cross-site scripting issue affects the "error" parameter of the "index.php" script. NetRisk versions up to and including 2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/32051
  • 08.45.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Joovili Cookie Authentication Bypass
  • Description: Joovili is a content management system. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Joovili version 3.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/32058
  • 08.45.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Article Publisher PRO Cookie Authentication Bypass
  • Description: Article Publisher PRO is a content management system. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Article Publisher PRO version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/32059
  • 08.45.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Micro CMS "microcms-admin-home.php" Security Bypass
  • Description: Micro CMS is a content management system. The application is exposed to a security bypass issue because it fails to restrict access to the "microcms-admin-home.php" script. Micro CMS versions up to and including 0.3.5 are affected.
  • Ref: http://www.securityfocus.com/bid/32063
  • 08.45.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Apartment Search Script Arbitrary File Upload and Cross-Site Scripting Vulnerabilities
  • Description: Apartment Search Script is a web-based application. The application is exposed to an issue that lets attackers upload and execute arbitrary code. This issue occurs because the application fails to sufficiently sanitize user-supplied input when uploading images while editing user profiles.
  • Ref: http://www.securityfocus.com/bid/32065
  • 08.45.104 - CVE: Not Available
  • Platform: Web Application
  • Title: GeSHi "geshi.php" Remote Code Execution
  • Description: GeSHi (Generic Syntax Highlighter) is a PHP-based application that highlights source code in various colors. The application is exposed to a remote code execution issue that occurs in the "geshi.php" script. GeSHi versions prior to 1.0.8.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=637321
  • 08.45.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Acc Scripts Acc PHP eMail Cookie Authentication Bypass
  • Description: Acc Scripts Acc PHP eMail is a web-based script used for email subscription management. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Acc Scripts Acc PHP eMail version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32074
  • 08.45.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Acc Scripts Real Estate and Statistics Cookie Authentication Bypass
  • Description: Acc Real Estate is a PHP-based real estate application. Acc Statistics is a PHP-based website statistics application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Acc Statistics versions 1.1 and Acc Real Estate 4.0 are affected.
  • Ref: http://www.securityfocus.com/bid/32078
  • 08.45.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Acc Scripts Acc Autos Cookie Authentication Bypass
  • Description: Acc Scripts Acc Autos is a PHP-based automobile listing application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Acc Autos version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32083
  • 08.45.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Agavi "cmplang" Parameter Directory Traversal
  • Description: Agavi is a PHP application framework. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "cmplang" parameter of the "index.php" script. Agavi version 1.0.0 beta 5 is affected.
  • Ref: http://www.securityfocus.com/bid/32086
  • 08.45.109 - CVE: Not Available
  • Platform: Network Device
  • Title: A-Link WL54AP3 and WL54AP2 Cross-Site Request Forgery and HTML Injection Vulnerabilities
  • Description: A-Link WL54AP3 and WL54AP2 are wireless routers. A-Link WL54AP3 and WL54AP2 are exposed to multiple remote issues. A cross-site request forgery vulnerability may allow attackers to change DNS servers, enable the WAN web server, and change usernames and passwords. An HTML injection vulnerability affects the 'Domain name'"textbox" included in the management interface.
  • Ref: http://www.louhinetworks.fi/advisory/alink_081028.txt

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

Excellent, relevant, immediately useful information. I can't wait to get back to the office to try it out.
-Steve Zehl, USGS

SANS Pen Test Hackfest 2013 - Washington

Latest Whitepapers

Building and Maintaining a "Certifiable" Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Latest Tweets

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"It has really been an eye opener concerning the depth of security training & awareness that SANS has to offer."
- Michael Hall, Drivesavers

"SANS is far more in-depth than other training I have attended."
- Frank Rajnai, Sears Canada Inc

"SANS always provides you what you need to become a better security professional at the right price."
- Rasik Vekaria, BP